[Python-bugs-list] [ python-Bugs-581165 ] smtplib.SMTP.ehlo method esmtp_features

noreply@sourceforge.net noreply@sourceforge.net
Thu, 21 Nov 2002 22:57:52 -0800


Bugs item #581165, was opened at 2002-07-14 09:46
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=581165&group_id=5470

Category: Python Library
Group: Python 2.2
Status: Open
Resolution: None
Priority: 5
Submitted By: Piers Lauder (pierslauder)
Assigned to: Nobody/Anonymous (nobody)
Summary: smtplib.SMTP.ehlo method esmtp_features 

Initial Comment:
The ehlo() method in the smtplib class SMTP appears to
incorrectly
handle the response from Eudora Internet Mail Server
3.1.3 .

The rsponse to the "EHLO" command is:

send: 'ehlo gemini.cs.usyd.edu.au\r\n'
reply: '250-webfactory.com.au hello
gemini.cs.usyd.edu.au (129.78.111.139)\r\n'
reply: '250-EXPN\r\n'
reply: '250-PIPELINING\r\n'
reply: '250-8BITMIME\r\n'
reply: '250-BINARYMIME\r\n'
reply: '250-CHUNKING\r\n'
reply: '250-ENHANCEDSTATUSCODES\r\n'
reply: '250-ETRN\r\n'
reply: '250-AUTH CRAM-MD5 NTLM PLAIN LOGIN\r\n'
reply: '250-AUTH=LOGIN\r\n'
reply: '250 SIZE 2147483647\r\n'

which is then gathered into:

 ['webfactory.com.au hello gemini.cs.usyd.edu.au
(129.78.111.139)', 'EXPN', 'PIPELINING', '8BITMIME',
'BINARYMIME', 'CHUNKING', 'ENHANCEDSTATUSCODES',
'ETRN', 'AUTH CRAM-MD5 NTLM PLAIN LOGIN', 'AUTH=LOGIN',
'SIZE 2147483647']

which is then parsed into "self.esmtp_features as:

 {'enhancedstatuscodes': '', '8bitmime': '', 'expn':
'', 'chunking': '', 'etrn': '', 'pipelining': '',
'size': '2147483647', 'auth': '=LOGIN', 'binarymime': ''}

Note that the two lines starting "AUTH" have been
elided into the
one dictionary element 'auth':'=LOGIN'.

This prevents a subsequent call to the login() method
from correctly
identifying a suitable authentication method resulting in:

    raise SMTPException("No suitable authentication
method found.")



----------------------------------------------------------------------

>Comment By: Piers Lauder (pierslauder)
Date: 2002-11-22 17:57

Message:
Logged In: YES 
user_id=196212

I think this item should be closed. It now works as far as
I'm concerned.

Just a note about CRAM-MD5 authentication. I've had a
similar "feature" request for imaplib, and after our
experience here, I decided to make it an explicit option.
Ie: the invoker doesn't silently get CRAM-MD5 if available
via the default "login" method - they have to ask for it.
That way the invoker knows the status of protection for the
password.

----------------------------------------------------------------------

Comment By: Gerhard Häring (ghaering)
Date: 2002-10-15 04:54

Message:
Logged In: YES 
user_id=163326

Yes, the original problem was that we didn't parse AUTH=
lines and this has been fixed.

Apparently the reason the current code doesn't work for
Piers is that his SMTP server has problems with CRAM-MD5
although it says that it'll understand CRAM-MD5.

I can think of two workarounds:
- the additional argument like I proposedlibrary
- smtp.login() tries the advertised auth methods until it
finds one that works.   But I don't like such hacks, as they
make debugging problems even more difficult.

If anybody actually wants one of these, they should perhaps
file a feature request or a patch, so this one can be closed.

On your other question, I don't have access to a "real-life"
SMTP AUTH server except MS Exchange (of which we only
support LOGIN). You're right about not being able to use
/etc/passwd, but I believe most Unix MTAs support virtual
users, so this should not be a problem.

----------------------------------------------------------------------

Comment By: Martin v. Löwis (loewis)
Date: 2002-10-15 04:37

Message:
Logged In: YES 
user_id=21627

I got the impression that the original problem reported has
been fixed. Is that impression incorrect?

If this is fixed, we should close this report. 

As for adding new parameters: I'd like to get a real-world
bug report first, which then should be tracked separately.

As for using CRAM-MD5: Correct me if I'm wrong, but doesn't
that require clear text passwords on the server, and thus
cannot be implemented on top of a /etc/passwd database? If
so, I wonder whether it is used in real life.

----------------------------------------------------------------------

Comment By: Gerhard Häring (ghaering)
Date: 2002-10-15 02:08

Message:
Logged In: YES 
user_id=163326

Maybe we should add an additional optional argument to the
login() method? Something like:

def login(user, password, method=smtplib.AUTH_CRAM_MD5)

?

----------------------------------------------------------------------

Comment By: Piers Lauder (pierslauder)
Date: 2002-08-07 15:01

Message:
Logged In: YES 
user_id=196212

I tried the second patch. It got the same problem with "AUTH 
CRAM-MD5" ("Syntax Error, not using <cr><lf> as end of 
line.") but then I tried forcing "AUTH LOGIN" (which I think is 
what your change applied to?) and that worked. Thanks!

So, I think the <cr><lf> problem is a bug on this particular 
smtp server, and I'm now happy because I can send mail to it 
using AUTH LOGIN (and the AUTH=LOGIN feature no longer 
causes a problem for smtplib.py)

The question is - should CRAM-MD5 be the preferred 
method?

I think the answer is yes as it is more secure, but perhaps a 
note could be installed somewhere to use LOGIN 
authentication if the <cr><lf> error occurs.

----------------------------------------------------------------------

Comment By: Gerhard Häring (ghaering)
Date: 2002-08-06 16:56

Message:
Logged In: YES 
user_id=163326

Piers, could you please try my patch again? It contained a
very stupid bug (sent the username twice, but no password).
This seems unrelated to the error message your SMTP server
sent, but maybe it's worth a try.

----------------------------------------------------------------------

Comment By: Piers Lauder (pierslauder)
Date: 2002-07-24 21:26

Message:
Logged In: YES 
user_id=196212

I tried the patch.

It gets me further - I now get "Syntax Error, not using
<cr><lf> as end of line."

Here's the trace:

resp: ['webfactory.com.au hello gemini.cs.usyd.edu.au
(129.78.111.139)', 'EXPN', 'PIPELINING', '8BITMIME',
'BINARYMIME', 'CHUNKING', 'ENHANCEDSTATUSCODES', 'ETRN',
'AUTH CRAM-MD5 NTLM PLAIN LOGIN', 'AUTH=LOGIN', 'SIZE
2147483647']
features: {'auth=login': '', 'enhancedstatuscodes': '',
'8bitmime': '', 'expn': '', 'chunking': '', 'etrn': '',
'pipelining': '', 'size': '2147483647', 'auth': 'CRAM-MD5
NTLM PLAIN LOGIN', 'binarymime': ''}
send: 'AUTH CRAM-MD5\r\n'
reply: '334
PDExODQ1NzY3NTctNjk3MjgzMDhAd2ViZmFjdG9yeS5jb20uYXU+\r\n'
reply: retcode (334); Msg:
PDExODQ1NzY3NTctNjk3MjgzMDhAd2ViZmFjdG9yeS5jb20uYXU+
send:
'cGllcnMlY29tbXVuaXR5c29sdXRpb25zLmNvbS5hdSAzOTU2NzVmYWUwZGUxZmQyN2I3MTRjNGQ5\nYzgzOWIwNQ==\r\n'
reply: '500 Syntax error, not using <cr><lf> as end of line\r\n'
reply: retcode (500); Msg: Syntax error, not using <cr><lf>
as end of line


Which doesn't make any sense, and is probably a server
problem, since I can see that each line sent _is_ terminated
with <cr><lf>.

So I consider the patch a (qualified) success.


----------------------------------------------------------------------

Comment By: Martin v. Löwis (loewis)
Date: 2002-07-24 08:00

Message:
Logged In: YES 
user_id=21627

Can you please try the patch in

http://sourceforge.net/tracker/index.php?
func=detail&aid=572031&group_id=5470&atid=305470

and report whether it solves this problem?

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=581165&group_id=5470